QNetworkAccessManager SSL双向验证

TDHound

QNetworkAccessManager 如何使用Windows本地证书进行https双向验证？

@
QUrl url("https://www.example.com/../customerLogonAction.biz");
QNetworkRequest request (url);

#ifdef WIN32
HCERTSTORE m_hMyStore = CertOpenSystemStore(0,TEXT("MY"));
if( m_hMyStore)
{
CertControlStore(m_hMyStore, 0, CERT_STORE_CTRL_RESYNC, NULL);
PCCERT_CONTEXT pCertContext = CertFindCertificateInStore(m_hMyStore,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0, CERT_FIND_SUBJECT_STR_A,
"11001065125.0000.0004", NULL );
if( pCertContext )
{
QByteArray byteArray;
byteArray.resize(pCertContext->cbCertEncoded);
memcpy(byteArray.data(), pCertContext->pbCertEncoded,
pCertContext->cbCertEncoded);

        QSslCertificate  cert(byteArray,QSsl::Der);
        QSslConfiguration sslConfiguration;
        sslConfiguration.setLocalCertificate(cert);
        request.setSslConfiguration(sslConfiguration);
    }
}

#endif // WIN32

QNetworkAccessManager *networkManager= new QNetworkAccessManager(this);
connect(networkManager,SIGNAL(finished(QNetworkReply*)),
                        SLOT(read(QNetworkReply*)));
networkManager->get(request);

@

运行以上代码发生错误，貌似缺少私钥，该如何处理？
@
QNetworkReply::UnknownNetworkError

// errorString: Cannot provide a certificate with no key.
@

TDHound

因为Qt主要基于OpenSSL实现SSL通信，必须显示提供私钥文件。

sinotitan

那么该如何解决？修改openssl还是qt源码？

sinotitan

客户端证书都保存在USBKey中，私钥是读不出来的，如何处理？

TDHound

使用WinHttp或NSS

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

[quote author="sinotitan" date="1378697173"]客户端证书都保存在USBKey中，私钥是读不出来的，如何处理？[/quote]